Yes in could be that in some cases where a user working at "mycompany.com" sends email to another person at mycompany.com and that the mail stays inside a company email server. But (1) this is a special case and (2) many times, maybe even most times that mail server is run by the company's ISP. Only the larger companies have their own in-house mail servers,most left someone like the ISP handle it.
So in the special case in internal emails where the company runs its own servers there is no exposure but in all other cases the PDF attachment is going to be stored many times at random unknown places all over the Internet.
Take a look at your own email. Look at the raw headers, but the smaller subset the mail reader shows. Look at the raw text files and see how many "Received By" header are in one of your typical emails. A half dozen such lines are not uncommon.
This is not a special case and those corporate/government servers are exactly where the information is most sensitive anyway. Nobody cares about the selfie your girlfriend sends you - well, besides you.
I wrote earlier that we had reported this issue to Apple over a year ago (privately), I chuckled reading the headline.
Love it how any time there's an issue with iDevice X, fanboys have every excuse in the world to make it seem inconsequential. Oh boy, if this were the case on another phone.... why we wouldn't hear the end of it.